The chaos surrounding Ubisoft escalated considerably at the moment as the primary group of hackers, beforehand recognized for silent exploits, initiated a extremely seen and disruptive takeover of Rainbow Six Siege servers.
Gamers worldwide are reporting an enormous inflow of in-game forex, unwarranted bans, and taunting messages broadcast instantly via the sport’s administrative feeds.
Beginning early this morning, 1000’s of Rainbow Six Siege gamers logged in to seek out their accounts inexplicably credited with hundreds of thousands in R6 Credit, Renown, and Alpha Packs. Reviews point out that unique skins and objects, sometimes locked behind paywalls or legacy occasions, have been unlocked for random customers.
The state of affairs rapidly escalated when the attackers weaponized the in-game ban feed, often reserved for anti-cheat notifications. Quite a few high-profile accounts, together with official Ubisoft directors and in style streamers, have been hit with momentary or everlasting bans.
‼️ Ubisoft’s Rainbow Six Siege servers have been hacked. Gamers report hundreds of thousands of credit added to their accounts and troll messages within the public ban chat. pic.twitter.com/ctlsfjtfK8— Worldwide Cyber Digest (@IntCyberDigest) December 27, 2025
Screenshots circulating on social media affirm the attackers are utilizing the ban system to speak. One putting picture captures a sequence of bots with particular usernames being banned so as, spelling out a cryptic warning: “What else are they hiding from us?”
BREAKING: Ubisoft Rainbow Six Siege servers have been breached.Gamers are reporting huge quantities of R6 Credit, Renown, Alpha Packs, and unique objects unexpectedly.Quite a few accounts even Ubisoft, together with streamers’ and presumably official ones, have acquired random or… pic.twitter.com/9hGNbBCMAm— Pirat_Nation 🔴 (@Pirat_Nation) December 27, 2025
One other broadcast signaled a brief pause to the hostilities, with a consumer named “We stopping this for now, have a pleasant night time everybody at Ubisoft!” being banned for “Poisonous Conduct”. This brazen mockery suggests the attackers have high-level administrative management over the sport’s stay service backend.
Ubisoft has issued an official assertion on at the moment’s breach, however servers have intermittently gone offline for unannounced upkeep and restarts. Safety consultants and group leaders are advising gamers to keep away from logging into Ubisoft Join or Rainbow Six Siege till the writer confirms server integrity, citing potential information corruption or additional account tampering.
We’re conscious of an incident at present affecting Rainbow Six Siege. Our groups are engaged on a decision.We’ll share additional updates as soon as accessible.— Rainbow Six Siege X (@Rainbow6Game) December 27, 2025
In response to vx-underground, the live-service disruption seems to be the work of the First Group, unrelated to the supply code theft reported earlier this week. The incident highlights a fractured panorama of menace actors at present focusing on the writer:
GroupKey Actions/ClaimsConfidence/StatusRelationsFirstExploited R6 Siege for bans, stock mods; gifted $339.96T in-game forex. No consumer information touched.Excessive (Ubisoft-confirmed rollback).Annoyed with Second/Fourth drama.SecondMongoBleed pivot from MongoDB to Git repo; exfiltrated 90s–current supply code, SDKs, multiplayer code (~900GB).Medium-high (multi-source verified).Accused by Fourth of prior entry, masquerading.ThirdMongoBleed consumer information exfil; Telegram extortion with group identify.Low (unverified claims).Unrelated?FourthDenies Second’s novelty; claims long-term Second entry, hiding behind First for leak pretext.Medium (discussion board exercise).Aligned with First vs. Second.
Whereas at the moment’s siege is probably going as a consequence of an API authorization failure, the broader breach involving the Second Group is linked on CVE-2025-14847 (MongoBleed).
Clarification put up, earlier put up about Ubisoft result in some confusion. That is my fault. I will be extra verbose. I used to be making an attempt to compress the knowledge into 1 singular put up with out it exceeding the phrase restrict.This is the phrase on the web streets:– THE FIRST GROUP of… pic.twitter.com/crsOxCnMWU— vx-underground (@vxunderground) December 27, 2025
This flaw allows attackers to learn server reminiscence with out authentication by sending malformed compressed packets. If the Second Group’s claims of pivoting to inside Git repositories are true, Ubisoft faces a catastrophic lack of mental property that would gas cheat improvement for years to return.
Ubisoft is predicted to carry out an enormous rollback of participant information to undo the financial injury, a transfer that may seemingly frustrate professional progress made by gamers over the weekend.
Comply with us on Google Information, LinkedIn, and X for every day cybersecurity updates. Contact us to characteristic your tales.
